- Guidelines for Businesses
- Data Processing Agreement
- Terms & Conditions
- Content Refresh Guidelines
- Trademark Guidelines
- SEO requirements for partners
When you create a business profile on behalf of your company on Trustpilot or otherwise use our Website, we collect and process personal data about you, as a business user. This document helps you understand what personal data we collect about you, how we collect it, what we use it for, and what rights you have regarding your personal data.
Trustpilot A/S is the entity responsible for processing your personal data.
1. Personal data – what we collect and what we use it for
1.1 Master Data
When you create a business profile on behalf of your company on the Website, we collect the following data:” (the “Master Data”): your name, company address, domain, company name, country, your securely encrypted password and your email address.
This information is mandatory, which means that it will not be possible to create a business profile on the Website without it.
You can choose to add further information to your business profile, such as your company’s website and other relevant company information. This additional information will be part of your company’s public business profile on the Website and will also be part of the Master Data. Trustpilot is an open review platform, therefore, please be aware that depending on the information you add to your business profile, you may or may not disclose personal data.
If your company is a customer of Trustpilot, we also collect information relevant to the fulfilment of the agreement between your company and us.
1.2 Replies to users’ reviews
When you reply to a review made by a user about your company, we collect the information you state in the reply, including company details and your name.
If you report a review about your company for violating our User Guidelines, we collect the information you provide in your report to us. This can include which review you reported, the reason for the report, the date of the report, etc.
Read more about which cookies the Website uses and for which purposes below (in 8).
1.5 Your IP address, browser settings and location
When you visit the Website, we register your computer’s IP address and browser settings. The IP address is the numerical address of the computer used to visit the Website. Browser settings can include the type of browser you use, browser language, and time zone. We collect this information so that we can trace the computer used in cases of misuse or unlawful actions in connection with visits to or use of the Website. We also use the IP address to approximate your location (at city level) and so that we know which sets of our Terms & Conditions apply to your use of our Website.
We collect the information you provide us with when you subscribe to receive our newsletters or similar (we collect your name, email address and newsletter preferences). If you no longer wish to receive our newsletters, you can unsubscribe by logging into your business profile and changing your email settings or you can contact us at email@example.com.
1.7 Call recordings
All inbound and outbound telephone calls made to or by Trustpilot may be recorded for training and quality control purposes. Personal data (for example name and contact details) revealed during a telephone call will be digitally recorded to deliver appropriate services.
1.8 For what purposes do we use your personal data?
We will use the information you provide to us to:
- Provide our services to your company, including review invitation services, and providing you with access to your company’s business profile and our Website
- Identify you as a registered user when you log in to the Website and re-visit the Website
- Verify the legitimacy of your replies to reviews about your company
- Improve the Website and our services
- Respond to your questions and provide related customer service
- Notify you about a review on your company
- Send you our newsletters
- Inform you when users provide feedback concerning your reply to a review or your report of a review about your company
- Engage in various internal business purposes, i.e. data analysis, audits, fraud monitoring and prevention, developing new products and services, improving or modifying the Website, or our services including our TrustBoxes, identifying usage trends, determining the effectiveness of our promotional campaigns and operating
- Comply with legal requirements and legal process, requests from public and governmental authorities, relevant industry standards and our internal policies
- Enforce our Terms & Conditions
- Protect our operations or those of any of our affiliates
- Protect our rights, privacy, safety or property and/or that of our affiliates, you or others
- Allow us to pursue available remedies or limit any damages that we sustain
- For training and quality control purposes, helping us improve the quality of our services
We will also use the information in other ways for which we provide specific notice at the time of collection.
1.9 On what legal basis do we process your personal data?
We need to process your personal data in order to:
- Perform our contract with your company (see Article 6.1.b of the GDPR)
- Comply with our legal obligations (see Article 6.1.c of the GDPR) and operate an online review platform in compliance with, for example, the Unfair Commercial Practices Directive, ICPEN’s guidelines on online reviews and endorsements, The Consumer Protection from Unfair Trading Regulations 2008, The Competition and Markets Authority’s guidance on online reviews and endorsements, the Danish Consumer Ombudsman’s Guidelines on publication of user reviews, the Danish Marketing Practices Act etc.
- Pursue legitimate business interests of our own related to operating the Website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (see Article 6.1.f of the GDPR).
- For the establishment, exercise or defence of legal claims, where necessary (see Article 9.2.f of the GDPR)
Some of these grounds for processing your personal data overlap, so there may be several reasons which justify us processing your personal data.
In those limited circumstances where you have expressly given your consent to us to process your personal data (see Article 6.1.a of the GDPR), for example, when subscribing to our newsletters, you are free to revoke your consent at any time. However, please be aware that we may have the right to continue to process your information if it can be justified on one of the other legal bases mentioned above.
You have the right to object to how we process your personal data or ask us to restrict the processing. Please see below, at 11, for more details.
If you would like more information about our legal basis for processing your personal data, please contact our Data Protection Officer (DPO) - see 13, below.
2. Disclosure of personal data
2.1 Disclosure of personal data on the Website
When you create a business profile on behalf of your company, we will disclose your company information you insert when signing up: company name, company address, domain, country and other information you have chosen to connect with your company’s public profile.
We recommend that you exercise care in deciding which information to make available for disclosing on the Website and be aware that depending on the level of information provided, you may or may not disclose personal data.
Other information provided by you on the Website, including your replies to users’ reviews about your company, are also made available for other users of the Website.
If your company is a customer of Trustpilot, we may also include information on our Website about whether you are or has been a customer of Trustpilot.
2.2 Disclosure to other services
A main purpose of Trustpilot is to increase the exposure and the availability of the reviews made on the Website. Hence, we permit third party services to show the reviews, including but not limited to companies’ replies, created on the Website thus increasing other consumers’ knowledge of Trustpilot and the reviews.
The categories of third party services to which the information is disclosed are:
- Search engines, including Google and Bing
- Consumer portals and business portals, including price comparison websites, shopping guides etc.
- Application partners and platforms, such as Prestashop, Magento, Shopify, WooCommerce
- Business portals
- Other similar websites where, in Trustpilot’s assessment, it will be relevant for users to search for reviews.
2.3 Other disclosures
In addition to the above, we disclose your personal data to the following parties and in the following circumstances:
- To allow third party vendors, consultants and other service providers to perform services on our behalf
- To Trustpilot subsidiaries and other companies within the Trustpilot group of companies
- To comply with laws or to respond to claims, legal process (including but not limited to subpoenas and court orders) and requests from public and government authorities
- To cooperate with regulatory bodies and government authorities, including but not limited to Trading Standards, the Competition and Markets Authority, relevant data protection authorities and the Danish Consumer Ombudsman, in connection with investigations or case referrals
- To third parties in connection with enforcement of our Terms & Conditions and Guidelines
- To third parties in order for us to protect our operations or those of our affiliates
- To third parties in order for us to pursue available remedies, or limit damages that we may sustain
- To third parties in order for us to investigate, prevent or take action regarding suspected or actual prohibited activities, including but not limited to fraud and misuse of our Website
- To a third party in the event of any reorganization, merger, acquisition, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business or assets (including in connection with any bankruptcy or similar proceedings).
3. Data controller
3.1 Information for which we are the data controller
We are the data controller of the Master Data you enter to create and maintain your company’s business profile (see 1.1), as well as a registration of your IP address.
We are also the data controller of the information which is disclosed to other services (see 2.3). Denmark’s data protection laws govern our collection of your data.
3.2 Information for which you or your company are the data controller
You are the data controller for the content you choose to disclose on the Website, including the replies to users’ reviews you write on Trustpilot’s website.
If your company is a customer of Trustpilot, you may be offered the possibility of using Trustpilot’s review invitation service to invite your customers (consumers). When enabling the review invitation service your company is regarded as a data controller of the consumers’ personal data, which is provided to Trustpilot when your company uses the review invitation service. In such cases Trustpilot is regarded as the data processor.
4. Links to websites
Our Website contains links to other websites. Our inclusion of such links does not imply that we endorse those websites. We do not control the content of those third party websites, and assume no responsibility for the third party or their policies or practices.
We encourage you to review the privacy policies for these third party websites because their procedures for collecting, handling and processing personal data will be different from ours.
5. Data processors and transfer of personal data outside EU
We use external companies to maintain the technical operation of the Website and our services. These companies are data processors for the personal data for which we are the data controller. By accepting this Policy, you agree that we may also allow the data for which you or your company is the data controller to be processed by these data processors.
We have data processing agreements in place with the data processors and it follows from these agreements that they must act solely in accordance with our instructions. By accepting this Policy, you authorize us to instruct the data processors to process data in accordance with the Policy and for the purposes of using the Website.
The data processors have taken reasonable technical and organizational measures to protect against the information being accidentally or illegally destroyed, becoming lost or deteriorating, and to protect against the information being disclosed to unauthorized persons, being misused, or in other ways being processed in violation of data protection laws.
On your request – and possibly in return for remuneration at the data processors' applicable hourly rates at any time for such work – the data processors must supply you with sufficient information to demonstrate that the above-mentioned technical and organizational safety measures have been taken.
Some of these data processors and third party services are located outside of the European Union, such as in the US. You consent to us using data processors in unsecure third countries provided that there is a legal framework governing the transfer of your personal data and ensuring adequate protection of it, for example if the data processor is part of the EU-US Privacy Shield framework.
6. Data retention
We keep the Master Data and other personal data you provide, including your replies to reviews, for as long as your company has a business profile or as needed to provide you with our services. We will delete this information upon your request and we will only save a log with the following information: your name, email address and the date of the deletion of your Account. We will keep the log for 3 years. All other information will be deleted.
In some cases, even if your company deletes business profile we then choose to retain certain information (e.g. visits to our Website) in an anonymized or aggregated form.
7. Security measures
We use reasonable organizational, technical and administrative measures to protect your personal data within our organization and we regularly audit our system for vulnerabilities. However, since the internet is not a 100% secure environment, we cannot ensure or warrant the security of the information you transmit to us. Emails sent via the Website may not be encrypted, and we therefore advise you not to include any confidential information in your emails to us.
To learn more about our current practices and policies regarding security and other information, please see our security practices. We are always working to improve our security practices and we will update this information as these practices evolve over time.
8.1 What types of Cookies do we use?
Cookies are small pieces of information that the Website places on your computer's hard disk, on your tablet or on your smartphone. Note that HTML5 introduced Web Storage that has a similar nature to Cookies, and that we therefore consider that as a Cookie in the following.
Cookies contain information that the Website uses to make the communication between you and your web browser more efficient. Cookies identify your computer or device rather than you as an individual user.
We use session cookies, persistent cookies, HTML5 session Storage and HTML5 local Storage session cookies and HTML5 session Storage objects are temporary in nature and are deleted when you exit your web browser. Persistent cookies are permanent in nature and are stored and remain on your computer until they are deleted. Persistent cookies expire or auto delete after a certain period of time, which is set per cookie, but are renewed each time you visit the Website. HTML5 local Storage objects are permanent in nature and remain on your computer until they are deleted.
Measuring Website traffic such as the number of visits to the Website, which domains the visitors come from, which pages they visit on the Website and in which overall geographical areas the visitors are located.
Monitoring Website performance and your use of our Website
Monitoring the performance of the Website, our applications and TrustBoxes and how you use our Website, applications and TrustBoxes.
Authentication and improving the functionality of our Website
Optimizing your experience with the Website, which includes remembering your username and password when you return to the Website and remembering information about your browser and preferences (e.g. which language you prefer).
Connecting you to Social Networks
We give you the option of connecting with Social Networks, such as Facebook.
Ensuring the quality of reviews and to prevent misuse or irregularities in connection with writing reviews and using the Website.
8.3 Third party Cookies
Third party Cookies are set by third party websites – not our Website. When you visit our Website, the following third party Cookies may be set:
- Facebook cookies, set when you log in to our Website with Facebook
- Google cookies, set when you log in to our Website with Google
- Google AdSense cookies, set when displaying relevant targeted advertisements on our Website. Some cookies may be set as DoubleClick, which is part of Google
- Hotjar local Storage, set for managing how and when surveys are displayed. Read more here.
- Google Remarketing: for the purpose of displaying relevant advertisements on third party sites.
8.4 Deletion of cookies
You can delete the cookies already on your device. You can typically delete cookies from the Privacy or History area, available from the Settings or Options menu in the browser. In most browsers, the same menu can be reached through the Ctrl+Shift+Del keyboard shortcut or Command+Shift+Del if you're on a Mac.
If you do not accept Cookies from our Website, you may experience inconvenience in your use of the Website, and you may be prevented from accessing some of its features.
9. Access to the personal data we have about you
If you want to access personal data we have about you, you can email firstname.lastname@example.org and request information about your personal data. Upon receiving your request, we will let you know what personal data we have about you, how we collect the information, the purpose for which we process your personal data, and who we share your personal data with.
10. Correction and deletion of your personal data
If any of the Master Data or additional personal data that we have about you in our capacity as a data controller is incorrect or misleading, you can correct most of the information yourself by logging into your business profile. We recommend that you make any the correction(s) yourself. Otherwise, you are welcome to ask us to assist with correcting your information by contacting us at email@example.com.
You may at any time correct or delete any content and personal data on the Website for which you are the data controller (see 3.2) by logging in to your company’s business profile.
We reserve the right to block access to your company’s business profile and/or delete it if the business profile or the content associated with your company’s business profile on the Website is, in our assessment, discriminating, racist, sexually oriented, unethical, threatening, offensive, harassing or otherwise violates applicable laws, third party rights or our User Guidelines, or is inconsistent with the purpose of the Website. If we block access to or delete your company’s business profile, we will inform you of the reason for blocking or deleting your company’s business profile by sending an email to the address you provided when you created your company’s business profile.
11. Other rights
In addition to the rights set out above concerning your personal data, you also have the following rights:
- You have a right to data portability
- You also have the right to object to the processing of your personal data and have the processing of your personal data restricted.
- In particular, you have a right to object to the processing of your personal data for direct marketing purposes.
- If our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing of data carried out before you withdrew your consent. You may withdraw your consent by emailing us at firstname.lastname@example.org.
In some circumstances, these rights may be limited or conditional. For example, whether or not you have the right to data portability in a particular case depends on the specific circumstances of the processing activity.
12. Children’s information
Our Website is not intended for children. If you become aware that a child under the age of 16 has provided us with their personal data, please contact us.
13. Our Data Protection Officer
We have a Data Protection Officer (DPO). If you have any questions about the data processing activities performed by us, you are welcome to contact our DPO by email at: email@example.com.
14. Changes to this Policy
We reserve the right to make changes to this Policy. The date shown at the start of this Policy indicates when it was last revised. If we make material changes to it, we will provide notice through our Website, or by other means, to give you the opportunity to review the changes before they come into effect. If you object to our changes, you can close your business profile. Your continued use of our Website after we publish or send a notice about the changes to the Policy will mean that you accept and agree to the updated Policy.
15. Contact information and where to send questions or complaints
If you have questions or concerns about our Policy, how we process your personal data, or would like us to correct your personal data, feel free to contact us at: firstname.lastname@example.org.
You can also reach us by post.
If contacting us does not resolve your complaint, you have further options, for example you may always lodge a complaint with a data protection supervisory authority, e.g. The Danish Data Protection Agency. You can read more about it here.
Our contact details are:
Pilestraede 58, 5th floor, 1112 Copenhagen, Denmark
CVR no.: 30276582
You can also find additional resources about data privacy in our Support Center here.